Hello,
I’d like to create a service which let user try Gradle through a web application. The target audience are my colleagues in my company.
The general use case would be that an user submits a build file, it is stored in a temporary directory and the server performs a Gradle build through the tooling API.
When running the server without a security manager, everything works fine.
When setting a security manager - I use Tomcat 8 with the -security flag at the moment - I have to define permissions for Gradle jars:
grant codeBase "file:${gradle.installation.dir}/-" { permission java.security.AllPermission; };
Now I try to restrict permissions to avoid people submitting code that could harm the service. So far I found that Gradle require at least these permissions to start:
grant codeBase "file:${gradle.installation.dir}/-" { permission java.lang.RuntimePermission "createSecurityManager"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.io.FilePermission "${catalina.base}/webapps/ROOT/WEB-INF/-", "read"; permission java.util.PropertyPermission "slf4j.detectLoggerNameMismatch", "read"; };
At this point, I face an issue that I cannot solve:
Could not create an instance of Tooling API implementation using the specified Gradle installation
[…]
Caused by: java.lang.NullPointerException: null
at org.gradle.util.GradleVersion.(GradleVersion.java:57)
Apparently Gradle cannot load the org/gradle/build-receipt.properties text file bundled in the gradle-core jar.
I wanted to patch GradleVersion.java to add the following lines:
URL resource = GradleVersion.class.getResource(RESOURCE_NAME); if (resource == null) { // Resource not found, try to load through the context class loader bound to the current thread resource = Thread.currentThread().getContextClassLoader().getResource(RESOURCE_NAME); }
But being behind a proxy, when I run ./gradlew build, all integration tests requiring access to jcenter fail.
I have a $GRADLE_USER_HOME/gradle.properties setting http(s) proxy.
I tried to modify the gradlew script to add the -Dhttp.proxyHost/Port variables.
I thought that the gradle wrapper could be the issue, so I tried with my local gradle installation, but running gradle build fails very early (within buildSrc).
Few questions for people browsing the forum:
1. Have you ever tried to run the Gradle Tooling API with a Security Manager?
2. If so, do you have a pointer on some documentation listing required permissions please?
3. Do you have a trick to build gradle behind a proxy?
Thank you.